You're in: Panda Security > Home Users > security-info > about-malware > encyclopedia > overview
Active Scan. Scan your PC free
Panda Security Product Line 2012

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Encyclopedia GetVirusCard True 0

MS09-062

 
Threat LevelLow threatDamageHighDistributionNot widespread

Effects 

MS09-062 is not categorized as virus, worm, Trojan or backdoor. It is a group of critical vulnerabilities in the Microsoft Windows graphics device interface (GDI), which allows arbitrary code to be remotely executed in the vulnerable computer.

Windows graphics device interface (GDI) enables applications to use graphics and formatted text on both the video display and the printer.

The addressed vulnerabilities are:

  • GDI+ WMF Integer Overflow vulnerability. It occurs due to the way thay GDI+  allocates buffer size when handling WMF image files.
  • GDI+ PNG Heap Overflow vulnerability. It is due to an unchecked buffer in the PNG processing by GDI+.
  • GDI+ TIFF Buffer Overflow vulnerability. It is due to an unchecked buffer in the TIFF processing by GDI+.
  • GDI+ TIFF Memory Corruption vulnerability. It is due to an unchecked buffer in the TIFF processing by GDI+.
  • GDI+ .NET API vulnerability. It is due to an integer overflow in certain GDI+ APIs that are accessible from .NET Framework applications.
  • GDI+ PNG Integer Overflow vulnerability. It is due to an incorrect calculation of the memory required for parsing a PNG processed by GDI+.
  • Memory Corruption vulnerability. It is due to the way that Office parses Office Art Property Tables when opening a specially crafted Office document.
  • Office BMP Integer Overflow vulnerability. The vulnerability is caused by the way Office handles specially crafted Office documents that contain BMP images.

 

If exploited successfully, MS09-062 allows hackers to gain remote control of the affected computer with the same privileges as the logged on user. If this user had administrator rights, the hacker could take complete control of the system: create, modify or delete files, install programs, create new user accounts, etc.

This vulnerability is usually exploited by creating a specially crafted website and enticing users to access it. The link to the malicious website can be distributed via email, instant messaging programs, etc.

 

If you have any of the vulnerable components, it is recommended to download and apply the security patch for this vulnerability. Click here to access the web page for downloading the patch.

Bear in mind that this security bulletin replaces a previous one, called MS08-052.